The number of security breaches and stolen identities gets longer and longer all the time. Let’s put it this way: You know the list is long when Web sites start to chronicle and categorize the number of incidents. Just ask the Privacy Rights Clearinghouse – they’ve put together a list of all incidents since the ChoicePoint incident of February 2005.
Who are we going to blame? The quick response is to blame the hackers who infiltrate our systems, but at second thought, I’d like to put partial blame on the backs of big business and government who have not spent enough time or resources on ensuring their systems are secure, or paid enough attention to their employees – a prime source of what we call the “inside job.”
The breach on May 22 involving the Department of Veterans Affairs concerns some 26.5 million veterans whose IDs were put in jeopardy after an employee’s laptop was stolen. The employee took the laptop home (unauthorized) and when the person’s home was burgled, the laptop and its hard drive with the Veterans Affairs’ records, was stolen.
I’m going to repeat that number: 26.5 million! However, a number is just a number. Compare that to the American Red Cross’s breach of 1 million (check the Privacy Clearinghouse list again – it’s toward the bottom on May 24). Although not nearly as large, the effect is still immense.
We can point fingers all day. At the end of the day, we need to be more responsible to our companies and ourselves to make sure we’re doing everything we can to protect and ensure accuracy.
Who do you think should be held responsible for security and privacy breaches?